OCI Integration Guide

The following guide covers the steps to integrate your Oracle Cloud Infrastructure (OCI) data with Vega Cloud.

note

OCI is in Open Preview and is not Generally Available (GA) at this time. More information about release phases may be found here.

OCI Console

Step 1: Create an IAM User

For Vega Cloud to receive access to Oracle Data, we require an OCI user in the platform. This allows you to control access given to our organization for authorized resources.

  1. Log in to the Oracle console.
  2. Search for Domains, one of Oracle's Identity services, in the search bar at the top.
  3. Choose the specific Domain under the compartment that you intend to grant Vega access to.
  4. In the domain interface, locate and select the Users tab from the left-hand menu.
  5. Click on the option to Create User and provide the necessary details. It is suggested to use Vegacloud somewhere in the name/email for easy identification. After entering the requisite information, click Create.

Step 2: Set up an API signing Key

The administrator within your organization must create a key pair specifically for signing Vega API requests. This leads to Oracle generating the public key from the pair, while the private key needs to be integrated into the Vega platform.

Once the user is created, proceed with the following steps:

  1. Select the user from the Users tab created in Step 1.
  2. On the bottom left, navigate to the API Keys tab under Resources and select Add API Key.
  3. Next, you have the option to generate the key pair. You can download the private key.
    1. If you already possess a key pair, you can opt to upload or paste your public key file instead. Generating an API key pair is recommended.
  4. After generating the key pair, select Download Private Key and Download Public Key.
    1. These keys will be essential moving forward.
  5. Finally, select the Add button.
  6. Upon completion, a configuration file snippet will be displayed containing the basic authentication information necessary for utilizing our user's credentials in the SDK, CLI, or other OCI developer tools.
  7. Copy this snippet to the text editor of your preference. Vega will require this information alongside developer tools to authenticate against Oracle.
note

Make sure to keep the Private Key .pem content handy, as it will be used in the following steps.
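
Before handing these values over, it is worth confirming that the snippet and the downloaded key files belong together. The following is an added example, not part of the Vega or Oracle tooling: it parses the configuration file snippet and checks its fingerprint against the downloaded public key. It assumes OCI's documented fingerprint format (MD5 of the DER-encoded public key, which the page does not state); the function names and all sample values are constructed for illustration.

```python
import base64
import configparser
import hashlib
import re

FP_RE = re.compile(r"^([0-9a-f]{2}:){15}[0-9a-f]{2}$")

def oci_fingerprint(public_key_pem: str) -> str:
    """MD5 of the DER-encoded public key, as colon-separated hex pairs."""
    body = [ln for ln in public_key_pem.strip().splitlines()
            if not ln.startswith("-----")]          # drop the PEM armor lines
    der = base64.b64decode("".join(body))
    digest = hashlib.md5(der, usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def check_snippet(snippet: str, public_key_pem: str) -> list:
    """Return a list of problems; an empty list means the values agree."""
    cfg = configparser.ConfigParser(interpolation=None)
    try:
        cfg.read_string(snippet)
    except configparser.Error as exc:
        return [f"snippet is not a valid config file: {exc}"]
    values = cfg.defaults()                         # the [DEFAULT] profile
    problems = []
    for field, prefix in (("user", "ocid1.user."), ("tenancy", "ocid1.tenancy.")):
        if not values.get(field, "").startswith(prefix):
            problems.append(f"{field} is missing or is not a {prefix}* OCID")
    if not values.get("region"):
        problems.append("region is missing")
    listed = values.get("fingerprint", "").lower()
    if not FP_RE.match(listed):
        problems.append("fingerprint is missing or malformed")
    elif listed != oci_fingerprint(public_key_pem):
        problems.append("fingerprint does not match the downloaded public key")
    return problems

# Constructed placeholder bytes, not a real key; a real file holds an RSA public key.
SAMPLE_PUBLIC_PEM = ("-----BEGIN PUBLIC KEY-----\n"
    + base64.encodebytes(b"constructed-placeholder-not-a-real-key").decode()
    + "-----END PUBLIC KEY-----\n")
# Constructed snippet whose fingerprint deliberately belongs to some other key.
SAMPLE_SNIPPET = """[DEFAULT]
user=ocid1.user.oc1..exampleuniqueid
fingerprint=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff
tenancy=ocid1.tenancy.oc1..exampleuniqueid
region=us-ashburn-1
"""

if __name__ == "__main__":
    print(check_snippet(SAMPLE_SNIPPET, SAMPLE_PUBLIC_PEM))
```

A mismatch usually means the snippet was copied from a different API key than the one whose files were downloaded, which is cheaper to catch here than after the private key has been pasted into another platform.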

Step 3: Add user to a group

Access to infrastructure within OCI is governed at the group level in a domain, rather than individually for each user. As a result, to secure access to resources, a Vega user must be included in the group linked with the requisite IAM policies, thereby granting the necessary permissions.

note

You can create a user group or add the Vega user from Step 1 to an existing group.

If a group has not been established, then follow these steps:

  1. Navigate to Identity and then Domain.
    1. Identity > Domain
  2. On the left-hand menu select Groups.
    1. Identity > Domains > <YOUR_SELECTED_DOMAIN_NAME_HERE>
  3. Click on Create Group.
  4. Fill out the required fields, including the name and description of the group.
  5. Add the Vega user from Step 1 to this group.
  6. After all the necessary details are provided, select Create.

Step 4: Create access policies

Create an IAM policy using the following policy statements and attach it to the user group from Step 3.

In the Oracle Console:

  1. Navigate to Identity and then Policies.
    1. Identity > Policies
  2. If the policy has not been created, select Create Policy.
  3. Fill out Name, Description, and copy the following into Policy Statement Manual Editor.
    1. Allow group <YOUR_GROUP_NAME_HERE> to read all-resources in compartment <COMPARTMENT_NAME>
    2. Note: COMPARTMENT_NAME is the compartment where the resources are located. If this is the root compartment, then use 'tenancy' in place of 'compartment <COMPARTMENT_NAME>'.
  4. After pasting the policy statement(s), select Create Policy.
  5. Once the policy is created, it is then attached to the user group from Step 3.
info

Now you can head over to the Vega Platform.

Vega Platform

Create OCI Provider Account

Now we need to create the Provider Account in the Vega Platform to connect to your Oracle Cloud Infrastructure (OCI) data.

  1. Navigate to the Vega Platform.

  2. As an admin-level user, select Settings on the left-hand menu.

  3. Locate and select the tab Provider Accounts.

  4. Next, press the + Account button.

  5. Then click the Oracle Cloud Infrastructure button.

  6. Now, fill out the required form fields. This information can be found in the configuration file snippet from Step 2 in the Oracle Console section.

    Option 1 - If the desired OCI Compartment is the Root Compartment:
    info

    Make sure the checkbox with the label "This is the Tenancy ID (Compartment root)." is checked.

    • Tenancy OCID: The OCID of the tenancy / root compartment.
    • Private Key: The content of the private key downloaded earlier
    • Fingerprint: The fingerprint of the Private Key file
    • Home Region Identifier: Home Region ID of the root Compartment
    • User OCI: The user OCID created above
    • Vega Account Alias (optional): An optional name to give your Provider Account
    • Account Status: Indication if the account is enabled or not, where disabled accounts will not be discovered or actioned on.
    Option 2 - If the desired OCI Compartment is a child Compartment:
    info

    Make sure the checkbox with the label "This is the Tenancy ID (Compartment root)." is not checked.

    • Compartment OCID: The OCID of the desired Compartment.
    • Tenancy OCID: The OCID of the Tenancy that the Compartment resides in.
    • Parent Compartment OCID: The OCID of the direct parent Compartment.
    • Private Key: The content of the private key downloaded earlier
    • Fingerprint: The fingerprint of the Private Key file
    • Home Region Identifier: Home Region ID of the root Compartment
    • User OCI: The user OCID created above
    • Vega Account Alias (optional): An optional name to give your Provider Account
    • Account Status: Indication if the account is enabled or not, where disabled accounts will not be discovered or actioned on.
  7. Finally, when all the content has been entered, select Create.

    1. Once the required form fields have been filled in and their contents validated, the form is submitted.